88.214.26.37 Threat Intelligence and Host Information

Oct 21, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 88.214.26.37 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 57/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1007 - System Service Discovery, T1008 - Fallback Channels, T1016.001 - Internet Connection Discovery, T1016 - System Network Configuration Discovery, T1020 - Automated Exfiltration, T1033 - System Owner/User Discovery, T1041 - Exfiltration Over C2 Channel, T1053.005 - Scheduled Task, T1053 - Scheduled Task/Job, T1059.001 - PowerShell, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1087 - Account Discovery, T1090.002 - External Proxy, T1090 - Proxy, T1113 - Screen Capture, T1114 - Email Collection, T1119 - Automated Collection, T1123 - Audio Capture, T1125 - Video Capture, T1133 - External Remote Services, T1134 - Access Token Manipulation, T1190 - Exploit Public-Facing Application, T1204.002 - Malicious File, T1204 - User Execution, T1210 - Exploitation of Remote Services, T1217 - Browser Bookmark Discovery, T1505.003 - Web Shell, T1505 - Server Software Component, T1547.001 - Registry Run Keys / Startup Folder, T1547 - Boot or Logon Autostart Execution, T1552.001 - Credentials In Files, T1552.003 - Bash History, T1552 - Unsecured Credentials, T1555 - Credentials from Password Stores, T1560.001 - Archive via Utility, T1560.003 - Archive via Custom Method, T1560 - Archive Collected Data, T1566.001 - Spearphishing Attachment, T1566 - Phishing, T1571 - Non-Standard Port, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, T1584.006 - Web Services, T1584 - Compromise Infrastructure, T1587.001 - Malware, T1587 - Develop Capabilities, T1588.001 - Malware, T1588 - Obtain Capabilities, T1590.005 - IP Addresses, T1590 - Gather Victim Network Information, T1594 - Search Victim-Owned Websites, T1595.002 - Vulnerability Scanning, T1595 - Active Scanning, T1596 - Search Open Technical Databases

  • Tags: access, behinder, brute-force, bruteforce, Brute Force, cobalt strike, data, discovery, execution, exploit, file, fscan, gather victim, godzilla, jrat, kfsensor, malware, manipulation, metasploit, meterpreter, network, panel morf, powershell, project, rdp, scanning, shadowsilk, sqlmap, ssh, ssl-vpn, sslvpn, SSL VPN, telegram, vpn, VPN, wpscan

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: turris_greylist

  • Country: Germany
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Spain, United States of America

Malware Detected on Host

Count: 2 7d470625faf2f9daa5803d0aa92d29a03530f5aae22026225701a5bafe708b0f 5577d18b54433d58c4f8ee7fd0dd0961af2965003637dca4a6cad8f805c093ae

Map

Whois Information

  • inetnum: 88.214.26.0 - 88.214.26.255
  • netname: Layer7-FRA1-Network
  • org: ORG-LNG5-RIPE
  • country: DE
  • admin-c: LNG14-RIPE
  • tech-c: LNG14-RIPE
  • status: LIR-PARTITIONED PA
  • mnt-by: lir-de-l7networks-gmbh-1-MNT
  • created: 2025-09-09T09:18:47Z
  • last-modified: 2025-09-09T09:18:47Z
  • organisation: ORG-LNG5-RIPE
  • org-name: Layer7 Networks GmbH
  • country: DE
  • org-type: LIR
  • address: Brunnenstrasse 9a
  • address: 63599
  • address: Biebergemünd
  • address: GERMANY
  • phone: +4917622523306
  • admin-c: LNG14-RIPE
  • tech-c: LNG14-RIPE
  • abuse-c: AR67336-RIPE
  • mnt-ref: lir-de-l7networks-gmbh-1-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: lir-de-l7networks-gmbh-1-MNT
  • created: 2022-01-19T08:23:59Z
  • last-modified: 2025-07-10T07:50:29Z
  • role: Layer7 Networks GmbH
  • address: GERMANY
  • address: Gelnhausen
  • address: 63571
  • address: Zum Sonnenberg 1-3
  • phone: +4917622523306
  • abuse-mailbox: abuse@layer7.net
  • nic-hdl: LNG14-RIPE
  • mnt-by: lir-de-l7networks-gmbh-1-MNT
  • created: 2022-01-19T08:23:59Z
  • last-modified: 2024-09-03T16:44:35Z
  • route: 88.214.26.0/24
  • origin: AS35042
  • mnt-by: lir-de-l7networks-gmbh-1-MNT
  • created: 2025-09-09T09:19:20Z
  • last-modified: 2025-09-09T09:19:20Z

Links to attack logs

****** nmap-scanning-list-2021-06-12 ****** ******

Share on: